SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Over a third of workers have picked up bad cybersecurity habits while working remotely
Wed, 16th Jun 2021
FYI, this story is more than a year old

A new report finds over a third of workers have picked up bad cybersecurity behaviours since working from home.

The report, commissioned by Tessian, a human layer security company, analysed the security behaviours of remote workers and found that 36% of employees say they've picked up bad cybersecurity practices and found ways to work around security since they started working remotely.

It also reveals that one-quarter of workers didn't admit to a serious cybersecurity mistake made while working from home.

According to the report, nearly a third of employees (30%) believe they can take greater risks with security when working remotely, with 39% saying the cybersecurity behaviour they practice while working from home is different to how they practise it in the office.

Nearly half of those surveyed say because they feel they aren't being watched by IT, it makes them less stringent with security. The research shows over a quarter of employees say they've made a mistake compromising company security they haven't told anyone about, due to fear of disciplinary action, or having to take part in more security training.

IT leaders were also surveyed, with 70% believing the return to office will encourage staff to follow company security policies around data protection and privacy.

Over half of IT leaders say they are worried staff will bring infected devices and malware into the workplace when businesses transition back to the office, while 69% believe ransomware attacks will be a larger concern in a hybrid workplace.

An increase in targeted phishing emails is also concerning for 67% of IT leaders. Tessian's platform data shows a surge in hybrid work-related scams when lockdowns eased last month. In early May, it found that the number of suspicious emails relating to hybrid work was 39% higher than the overall weekly average of Back to Office emails flagged by Tessian since the start of 2021.

Six in 10 IT leaders say the return to business travel will pose increased cybersecurity challenges for their company. Concerns include a rise in phishing attacks whereby threat actors impersonate airlines, booking operators, hotels, or even senior executives supposedly on a business trip. And there's also the risk that employees accidentally leave devices on public transport or expose company data in public places.

“The shift to an all-remote workforce was one huge challenge for IT leaders, but the next transition to a hybrid work model is poised to be even more challenging, particularly when it comes to employees' behaviours,” says Tessian CEO, Tim Sadler.

“Employees are the gatekeepers to data and systems, but expecting them to be security experts and scaring them into compliance won't work. IT leaders need to prioritise building a security culture that empowers people to work securely and productively, and understand how to encourage long-lasting behavioural change over time if they're going to thrive in this new way of working.